nss/lib/softoken/pkcs11i.h - Issue 2078763002: Delete bundled copy of NSS and replace with README.

Unified Diff: nss/lib/softoken/pkcs11i.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master

Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: nss/lib/softoken/pkcs11i.h

diff --git a/nss/lib/softoken/pkcs11i.h b/nss/lib/softoken/pkcs11i.h

deleted file mode 100644

index 8f16357cecbe03317821cece0f197cfa217c184d..0000000000000000000000000000000000000000

--- a/nss/lib/softoken/pkcs11i.h

+++ /dev/null

@@ -1,758 +0,0 @@

-/* This Source Code Form is subject to the terms of the Mozilla Public

- * License, v. 2.0. If a copy of the MPL was not distributed with this

- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-/*

- * Internal data structures and functions used by pkcs11.c

- */

-#ifndef _PKCS11I_H_

-#define _PKCS11I_H_ 1

-#include "nssilock.h"

-#include "seccomon.h"

-#include "secoidt.h"

-#include "lowkeyti.h"

-#include "pkcs11t.h"

-#include "sftkdbt.h"

-#include "chacha20poly1305.h"

-#include "hasht.h"

-/*

- * Configuration Defines

- *

- * The following defines affect the space verse speed trade offs of

- * the PKCS #11 module. For the most part the current settings are optimized

- * for web servers, where we want faster speed and lower lock contention at

- * the expense of space.

- */

-/*

- * The attribute allocation strategy is static allocation:

- * Attributes are pre-allocated as part of the session object and used from

- * the object array.

- */

-#define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in

- * the object (must me the absolute max) */

-#define ATTR_SPACE 50 /* Maximum size of attribute data before extra

- * data needs to be allocated. This is set to

- * enough space to hold an SSL MASTER secret */

-#define NSC_STRICT PR_FALSE /* forces the code to do strict template

- * matching when doing C_FindObject on token

- * objects. This will slow down search in

- * NSS. */

-/* default search block allocations and increments */

-#define NSC_CERT_BLOCK_SIZE 50

-#define NSC_SEARCH_BLOCK_SIZE 5

-#define NSC_SLOT_LIST_BLOCK_SIZE 10

-#define NSC_FIPS_MODULE 1

-#define NSC_NON_FIPS_MODULE 0

-/* these are data base storage hashes, not cryptographic hashes.. The define

- * the effective size of the various object hash tables */

-/* clients care more about memory usage than lookup performance on

- * cyrptographic objects. Clients also have less objects around to play with

- *

- * we eventually should make this configurable at runtime! Especially now that

- * NSS is a shared library.

- */

-#define SPACE_ATTRIBUTE_HASH_SIZE 32

-#define SPACE_SESSION_OBJECT_HASH_SIZE 32

-#define SPACE_SESSION_HASH_SIZE 32

-#define TIME_ATTRIBUTE_HASH_SIZE 32

-#define TIME_SESSION_OBJECT_HASH_SIZE 1024

-#define TIME_SESSION_HASH_SIZE 1024

-#define MAX_OBJECT_LIST_SIZE 800

- /* how many objects to keep on the free list

- * before we start freeing them */

-#define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */

-/*

- * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.

- * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.

- * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.

- *

- * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS

- * 1024 9 512 2

- * 1024 5 32 32

- * 1024 1 2 512

- * 1024 0 1 1024

- * 4096 11 2048 2

- * 4096 9 512 8

- * 4096 5 32 128

- * 4096 1 2 2048

- * 4096 0 1 4096

- */

-#define LOG2_BUCKETS_PER_SESSION_LOCK 1

-#define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))

-/* NOSPREAD sessionID to hash table index macro has been slower. */

-/* define typedefs, double as forward declarations as well */

-typedef struct SFTKAttributeStr SFTKAttribute;

-typedef struct SFTKObjectListStr SFTKObjectList;

-typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;

-typedef struct SFTKObjectListElementStr SFTKObjectListElement;

-typedef struct SFTKObjectStr SFTKObject;

-typedef struct SFTKSessionObjectStr SFTKSessionObject;

-typedef struct SFTKTokenObjectStr SFTKTokenObject;

-typedef struct SFTKSessionStr SFTKSession;

-typedef struct SFTKSlotStr SFTKSlot;

-typedef struct SFTKSessionContextStr SFTKSessionContext;

-typedef struct SFTKSearchResultsStr SFTKSearchResults;

-typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;

-typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;

-typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo;

-typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo;

-typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;

-typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info;

-typedef struct SFTKItemTemplateStr SFTKItemTemplate;

-/* define function pointer typdefs for pointer tables */

-typedef void (*SFTKDestroy)(void *, PRBool);

-typedef void (*SFTKBegin)(void *);

-typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,

- void *, unsigned int);

-typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);

-typedef void (*SFTKHash)(void *,const void *,unsigned int);

-typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);

-typedef void (*SFTKFree)(void *);

-/* Value to tell if an attribute is modifiable or not.

- * NEVER: attribute is only set on creation.

- * ONCOPY: attribute is set on creation and can only be changed on copy.

- * SENSITIVE: attribute can only be changed to TRUE.

- * ALWAYS: attribute can always be changed.

- */

-typedef enum {

- SFTK_NEVER = 0,

- SFTK_ONCOPY = 1,

- SFTK_SENSITIVE = 2,

- SFTK_ALWAYS = 3

-} SFTKModifyType;

-/*

- * Free Status Enum... tell us more information when we think we're

- * deleting an object.

- */

-typedef enum {

- SFTK_DestroyFailure,

- SFTK_Destroyed,

- SFTK_Busy

-} SFTKFreeStatus;

-/*

- * attribute values of an object.

- */

-struct SFTKAttributeStr {

- SFTKAttribute *next;

- SFTKAttribute *prev;

- PRBool freeAttr;

- PRBool freeData;

- /*must be called handle to make sftkqueue_find work */

- CK_ATTRIBUTE_TYPE handle;

- CK_ATTRIBUTE attrib;

- unsigned char space[ATTR_SPACE];

-};

-/*

- * doubly link list of objects

- */

-struct SFTKObjectListStr {

- SFTKObjectList *next;

- SFTKObjectList *prev;

- SFTKObject *parent;

-};

-struct SFTKObjectFreeListStr {

- SFTKObject *head;

- PZLock *lock;

- int count;

-};

-/*

- * PKCS 11 crypto object structure

- */

-struct SFTKObjectStr {

- SFTKObject *next;

- SFTKObject *prev;

- CK_OBJECT_CLASS objclass;

- CK_OBJECT_HANDLE handle;

- int refCount;

- PZLock *refLock;

- SFTKSlot *slot;

- void *objectInfo;

- SFTKFree infoFree;

-};

-struct SFTKTokenObjectStr {

- SFTKObject obj;

- SECItem dbKey;

-};

-struct SFTKSessionObjectStr {

- SFTKObject obj;

- SFTKObjectList sessionList;

- PZLock *attributeLock;

- SFTKSession *session;

- PRBool wasDerived;

- int nextAttr;

- SFTKAttribute attrList[MAX_OBJS_ATTRS];

- PRBool optimizeSpace;

- unsigned int hashSize;

- SFTKAttribute *head[1];

-};

-/*

- * struct to deal with a temparary list of objects

- */

-struct SFTKObjectListElementStr {

- SFTKObjectListElement *next;

- SFTKObject *object;

-};

-/*

- * Area to hold Search results

- */

-struct SFTKSearchResultsStr {

- CK_OBJECT_HANDLE *handles;

- int size;

- int index;

- int array_size;

-};

-/*

- * the universal crypto/hash/sign/verify context structure

- */

-typedef enum {

- SFTK_ENCRYPT,

- SFTK_DECRYPT,

- SFTK_HASH,

- SFTK_SIGN,

- SFTK_SIGN_RECOVER,

- SFTK_VERIFY,

- SFTK_VERIFY_RECOVER

-} SFTKContextType;

-/** max block size of supported block ciphers */

-#define SFTK_MAX_BLOCK_SIZE 16

-/** currently SHA512 is the biggest hash length */

-#define SFTK_MAX_MAC_LENGTH 64

-#define SFTK_INVALID_MAC_SIZE 0xffffffff

-/** Particular ongoing operation in session (sign/verify/digest/encrypt/...)

- *

- * Understanding sign/verify context:

- * multi=1 hashInfo=0 block (symmetric) cipher MACing

- * multi=1 hashInfo=X PKC S/V with prior hashing

- * multi=0 hashInfo=0 PKC S/V one shot (w/o hashing)

- * multi=0 hashInfo=X *** shouldn't happen ***

- */

-struct SFTKSessionContextStr {

- SFTKContextType type;

- PRBool multi; /* is multipart */

- PRBool rsa; /* is rsa */

- PRBool doPad; /* use PKCS padding for block ciphers */

- unsigned int blockSize; /* blocksize for padding */

- unsigned int padDataLength; /* length of the valid data in padbuf */

- /** latest incomplete block of data for block cipher */

- unsigned char padBuf[SFTK_MAX_BLOCK_SIZE];

- /** result of MAC'ing of latest full block of data with block cipher */

- unsigned char macBuf[SFTK_MAX_BLOCK_SIZE];

- CK_ULONG macSize; /* size of a general block cipher mac*/

- void *cipherInfo;

- void *hashInfo;

- unsigned int cipherInfoLen;

- CK_MECHANISM_TYPE currentMech;

- SFTKCipher update;

- SFTKHash hashUpdate;

- SFTKEnd end;

- SFTKDestroy destroy;

- SFTKDestroy hashdestroy;

- SFTKVerify verify;

- unsigned int maxLen;

- SFTKObject *key;

-};

-/*

- * Sessions (have objects)

- */

-struct SFTKSessionStr {

- SFTKSession *next;

- SFTKSession *prev;

- CK_SESSION_HANDLE handle;

- int refCount;

- PZLock *objectLock;

- int objectIDCount;

- CK_SESSION_INFO info;

- CK_NOTIFY notify;

- CK_VOID_PTR appData;

- SFTKSlot *slot;

- SFTKSearchResults *search;

- SFTKSessionContext *enc_context;

- SFTKSessionContext *hash_context;

- SFTKSessionContext *sign_context;

- SFTKObjectList *objects[1];

-};

-/*

- * slots (have sessions and objects)

- *

- * The array of sessionLock's protect the session hash table (head[])

- * as well as the reference count of session objects in that bucket

- * (head[]->refCount), objectLock protects all elements of the slot's

- * object hash tables (sessObjHashTable[] and tokObjHashTable), and

- * sessionObjectHandleCount.

- * slotLock protects the remaining protected elements:

- * password, isLoggedIn, ssoLoggedIn, and sessionCount,

- * and pwCheckLock serializes the key database password checks in

- * NSC_SetPIN and NSC_Login.

- *

- * Each of the fields below has the following lifetime as commented

- * next to the fields:

- * invariant - This value is set when the slot is first created and

- * never changed until it is destroyed.

- * per load - This value is set when the slot is first created, or

- * when the slot is used to open another directory. Between open and close

- * this field does not change.

- * variable - This value changes through the normal process of slot operation.

- * - reset. The value of this variable is cleared during an open/close

- * cycles.

- * - preserved. The value of this variable is preserved over open/close

- * cycles.

- */

-struct SFTKSlotStr {

- CK_SLOT_ID slotID; /* invariant */

- PZLock *slotLock; /* invariant */

- PZLock **sessionLock; /* invariant */

- unsigned int numSessionLocks; /* invariant */

- unsigned long sessionLockMask; /* invariant */

- PZLock *objectLock; /* invariant */

- PRLock *pwCheckLock; /* invariant */

- PRBool present; /* variable -set */

- PRBool hasTokens; /* per load */

- PRBool isLoggedIn; /* variable - reset */

- PRBool ssoLoggedIn; /* variable - reset */

- PRBool needLogin; /* per load */

- PRBool DB_loaded; /* per load */

- PRBool readOnly; /* per load */

- PRBool optimizeSpace; /* invariant */

- SFTKDBHandle *certDB; /* per load */

- SFTKDBHandle *keyDB; /* per load */

- int minimumPinLen; /* per load */

- PRInt32 sessionIDCount; /* atomically incremented */

- /* (preserved) */

- int sessionIDConflict; /* not protected by a lock */

- /* (preserved) */

- int sessionCount; /* variable - reset */

- PRInt32 rwSessionCount; /* set by atomic operations */

- /* (reset) */

- int sessionObjectHandleCount;/* variable - perserved */

- int index; /* invariant */

- PLHashTable *tokObjHashTable; /* invariant */

- SFTKObject **sessObjHashTable; /* variable - reset */

- unsigned int sessObjHashSize; /* invariant */

- SFTKSession **head; /* variable -reset */

- unsigned int sessHashSize; /* invariant */

- char tokDescription[33]; /* per load */

- char updateTokDescription[33]; /* per load */

- char slotDescription[65]; /* invariant */

-};

-/*

- * special joint operations Contexts

- */

-struct SFTKHashVerifyInfoStr {

- SECOidTag hashOid;

- void *params;

- NSSLOWKEYPublicKey *key;

-};

-struct SFTKHashSignInfoStr {

- SECOidTag hashOid;

- void *params;

- NSSLOWKEYPrivateKey *key;

-};

-/**

- * Contexts for RSA-OAEP

- */

-struct SFTKOAEPEncryptInfoStr {

- CK_RSA_PKCS_OAEP_PARAMS *params;

- NSSLOWKEYPublicKey *key;

-};

-struct SFTKOAEPDecryptInfoStr {

- CK_RSA_PKCS_OAEP_PARAMS *params;

- NSSLOWKEYPrivateKey *key;

-};

-/* context for the Final SSLMAC message */

-struct SFTKSSLMACInfoStr {

- void *hashContext;

- SFTKBegin begin;

- SFTKHash update;

- SFTKEnd end;

- CK_ULONG macSize;

- int padSize;

- unsigned char key[MAX_KEY_LEN];

- unsigned int keySize;

-};

-/* SFTKChaCha20Poly1305Info saves the key, tag length, nonce,

- * and additional data for a ChaCha20+Poly1305 AEAD operation. */

-struct SFTKChaCha20Poly1305InfoStr {

- ChaCha20Poly1305Context freeblCtx;

- unsigned char nonce[12];

- unsigned char ad[16];

- unsigned char *adOverflow;

- unsigned int adLen;

-};

-/*

- * Template based on SECItems, suitable for passing as arrays

- */

-struct SFTKItemTemplateStr {

- CK_ATTRIBUTE_TYPE type;

- SECItem *item;

-};

-/* macro for setting SFTKTemplates. */

-#define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \

- templ[count].type = attr; \

- templ[count].item = itemPtr

-#define SFTK_MAX_ITEM_TEMPLATE 10

-/*

- * session handle modifiers

- */

-#define SFTK_SESSION_SLOT_MASK 0xff000000L

-/*

- * object handle modifiers

- */

-#define SFTK_TOKEN_MASK 0x80000000L

-#define SFTK_TOKEN_MAGIC 0x80000000L

-#define SFTK_TOKEN_TYPE_MASK 0x70000000L

-/* keydb (high bit == 0) */

-#define SFTK_TOKEN_TYPE_PRIV 0x10000000L

-#define SFTK_TOKEN_TYPE_PUB 0x20000000L

-#define SFTK_TOKEN_TYPE_KEY 0x30000000L

-/* certdb (high bit == 1) */

-#define SFTK_TOKEN_TYPE_TRUST 0x40000000L

-#define SFTK_TOKEN_TYPE_CRL 0x50000000L

-#define SFTK_TOKEN_TYPE_SMIME 0x60000000L

-#define SFTK_TOKEN_TYPE_CERT 0x70000000L

-#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)

-/* how big (in bytes) a password/pin we can deal with */

-#define SFTK_MAX_PIN 255

-/* minimum password/pin length (in Unicode characters) in FIPS mode */

-#define FIPS_MIN_PIN 7

-/* slot ID's */

-#define NETSCAPE_SLOT_ID 1

-#define PRIVATE_KEY_SLOT_ID 2

-#define FIPS_SLOT_ID 3

-/* slot helper macros */

-#define sftk_SlotFromSession(sp) ((sp)->slot)

-#define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)

-/* the session hash multiplier (see bug 201081) */

-#define SHMULTIPLIER 1791398085

-/* queueing helper macros */

-#define sftk_hash(value,size) \

- ((PRUint32)((value) * SHMULTIPLIER) & (size-1))

-#define sftkqueue_add(element,id,head,hash_size) \

- { int tmp = sftk_hash(id,hash_size); \

- (element)->next = (head)[tmp]; \

- (element)->prev = NULL; \

- if ((head)[tmp]) (head)[tmp]->prev = (element); \

- (head)[tmp] = (element); }

-#define sftkqueue_find(element,id,head,hash_size) \

- for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \

- (element) = (element)->next) { \

- if ((element)->handle == (id)) { break; } }

-#define sftkqueue_is_queued(element,id,head,hash_size) \

- ( ((element)->next) || ((element)->prev) || \

- ((head)[sftk_hash(id,hash_size)] == (element)) )

-#define sftkqueue_delete(element,id,head,hash_size) \

- if ((element)->next) (element)->next->prev = (element)->prev; \

- if ((element)->prev) (element)->prev->next = (element)->next; \

- else (head)[sftk_hash(id,hash_size)] = ((element)->next); \

- (element)->next = NULL; \

- (element)->prev = NULL; \

-#define sftkqueue_init_element(element) \

- (element)->prev = NULL;

-#define sftkqueue_add2(element, id, index, head) \

- { \

- (element)->next = (head)[index]; \

- if ((head)[index]) \

- (head)[index]->prev = (element); \

- (head)[index] = (element); \

- }

-#define sftkqueue_find2(element, id, index, head) \

- for ( (element) = (head)[index]; \

- (element) != NULL; \

- (element) = (element)->next) { \

- if ((element)->handle == (id)) { break; } \

- }

-#define sftkqueue_delete2(element, id, index, head) \

- if ((element)->next) (element)->next->prev = (element)->prev; \

- if ((element)->prev) (element)->prev->next = (element)->next; \

- else (head)[index] = ((element)->next);

-#define sftkqueue_clear_deleted_element(element) \

- (element)->next = NULL; \

- (element)->prev = NULL; \

-/* sessionID (handle) is used to determine session lock bucket */

-#ifdef NOSPREAD

-/* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */

-#define SFTK_SESSION_LOCK(slot,handle) \

- ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \

- & (slot)->sessionLockMask])

-#else

-/* SPREAD: ID & (perbucket-1) */

-#define SFTK_SESSION_LOCK(slot,handle) \

- ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])

-#endif

-/* expand an attribute & secitem structures out */

-#define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen

-#define sftk_item_expand(ip) (ip)->data,(ip)->len

-typedef struct sftk_token_parametersStr {

- CK_SLOT_ID slotID;

- char *configdir;

- char *certPrefix;

- char *keyPrefix;

- char *updatedir;

- char *updCertPrefix;

- char *updKeyPrefix;

- char *updateID;

- char *tokdes;

- char *slotdes;

- char *updtokdes;

- int minPW;

- PRBool readOnly;

- PRBool noCertDB;

- PRBool noKeyDB;

- PRBool forceOpen;

- PRBool pwRequired;

- PRBool optimizeSpace;

-} sftk_token_parameters;

-typedef struct sftk_parametersStr {

- char *configdir;

- char *updatedir;

- char *updateID;

- char *secmodName;

- char *man;

- char *libdes;

- PRBool readOnly;

- PRBool noModDB;

- PRBool noCertDB;

- PRBool forceOpen;

- PRBool pwRequired;

- PRBool optimizeSpace;

- sftk_token_parameters *tokens;

- int token_count;

-} sftk_parameters;

-/* path stuff (was machine dependent) used by dbinit.c and pk11db.c */

-#define CERT_DB_FMT "%scert%s.db"

-#define KEY_DB_FMT "%skey%s.db"

-SEC_BEGIN_PROTOS

-/* shared functions between pkcs11.c and fipstokn.c */

-extern PRBool nsf_init;

-extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);

-extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);

-extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv);

-extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,

- CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);

-/* slot initialization, reinit, shutdown and destruction */

-extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID,

- sftk_token_parameters *params, int moduleIndex);

-extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,

- char *updatedir, char *updateID,

- sftk_token_parameters *params, int moduleIndex);

-extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);

-extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);

-extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout);

-/* internal utility functions used by pkcs11.c */

-extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,

- CK_ATTRIBUTE_TYPE type);

-extern void sftk_FreeAttribute(SFTKAttribute *attribute);

-extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,

- const void *valPtr, CK_ULONG length);

-extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,

- SFTKObject *object, CK_ATTRIBUTE_TYPE type);

-extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena,

- SFTKObject *object, SFTKItemTemplate *templ, int count);

-extern unsigned int sftk_GetLengthInBits(unsigned char *buf,

- unsigned int bufLen);

-extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,

- CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);

-extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);

-extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);

-extern void sftk_DeleteAttributeType(SFTKObject *object,

- CK_ATTRIBUTE_TYPE type);

-extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,

- SFTKObject *object, CK_ATTRIBUTE_TYPE type);

-extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,

- SFTKObject *object,

- CK_ATTRIBUTE_TYPE type);

-extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,

- CK_OBJECT_CLASS inClass);

-extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);

-extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);

-extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);

-extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,

- CK_ULONG *longData);

-extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,

- const void *value, unsigned int len);

-extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,

- const void *value, unsigned int len);

-extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);

-extern SFTKObject *sftk_NewObject(SFTKSlot *slot);

-extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);

-extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);

-extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);

-extern void sftk_ReferenceObject(SFTKObject *object);

-extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,

- SFTKSession *session);

-extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);

-extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);

-/* clear out all the existing object ID to database key mappings.

- * used to reinit a token */

-extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);

-extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,

- SFTKObject **head, unsigned int size,

- PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,

- int count, PRBool isLoggedIn);

-extern SFTKObjectListElement *sftk_FreeObjectListElement(

- SFTKObjectListElement *objectList);

-extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);

-extern void sftk_FreeSearch(SFTKSearchResults *search);

-extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);

-extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);

-extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);

-extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);

-extern void sftk_FreeSession(SFTKSession *session);

-extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,

- CK_VOID_PTR pApplication, CK_FLAGS flags);

-extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);

-extern void sftk_update_all_states(SFTKSlot *slot);

-extern void sftk_FreeContext(SFTKSessionContext *context);

-extern void sftk_InitFreeLists(void);

-extern void sftk_CleanupFreeLists(void);

-extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,

- CK_KEY_TYPE key_type, CK_RV *crvp);

-extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,

- CK_KEY_TYPE key_type, CK_RV *crvp);

-extern void sftk_FormatDESKey(unsigned char *key, int length);

-extern PRBool sftk_CheckDESKey(unsigned char *key);

-extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);

-/* mechanism allows this operation */

-extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);

-/* helper function which calls nsslowkey_FindKeyByPublicKey after safely

- * acquiring a reference to the keydb from the slot */

-NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);

-/*

- * parameter parsing functions

- */

-CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS);

-void sftk_freeParams(sftk_parameters *params);

-/*

- * narrow objects

- */

-SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);

-SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);

-/*

- * token object utilities

- */

-void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);

-PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,

- CK_OBJECT_HANDLE handle);

-SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,

- CK_OBJECT_HANDLE handle);

-SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);

-/* J-PAKE (jpakesftk.c) */

-extern

-CK_RV jpake_Round1(HASH_HashType hashType,

- CK_NSS_JPAKERound1Params * params,

- SFTKObject * key);

-extern

-CK_RV jpake_Round2(HASH_HashType hashType,

- CK_NSS_JPAKERound2Params * params,

- SFTKObject * sourceKey, SFTKObject * key);

-extern

-CK_RV jpake_Final(HASH_HashType hashType,

- const CK_NSS_JPAKEFinalParams * params,

- SFTKObject * sourceKey, SFTKObject * key);

-/* Constant time MAC functions (hmacct.c) */

-struct sftk_MACConstantTimeCtxStr {

- const SECHashObject *hash;

- unsigned char mac[64];

- unsigned char secret[64];

- unsigned int headerLength;

- unsigned int secretLength;

- unsigned int totalLength;

- unsigned char header[75];

-};

-typedef struct sftk_MACConstantTimeCtxStr sftk_MACConstantTimeCtx;

-sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New(

- CK_MECHANISM_PTR mech, SFTKObject *key);

-sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(

- CK_MECHANISM_PTR mech, SFTKObject *key);

-void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len);

-void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len);

-void sftk_MACConstantTime_EndHash(

- void *pctx, void *out, unsigned int *outLength, unsigned int maxLength);

-void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool);

-/****************************************

- * implement TLS Pseudo Random Function (PRF)

- */

-extern CK_RV

-sftk_TLSPRFInit(SFTKSessionContext *context,

- SFTKObject * key,

- CK_KEY_TYPE key_type,

- HASH_HashType hash_alg,

- unsigned int out_len);

-SEC_END_PROTOS

-#endif /* _PKCS11I_H_ */

« no previous file with comments | « nss/lib/softoken/pkcs11c.c ('k') | nss/lib/softoken/pkcs11ni.h » ('j') | no next file with comments »